You should cache the first packet received from the client side and perform its analisys before passing it to ElSecureServer instance. The incoming packet may be either an SSL2 or SSL3/TLS1 packet. In case of SSL3/TLS1 packet you need to check if the first three bytes are:
0x16, 0x03, 0x01 for TLS1,
0x16, 0x03, 0x00 for SSL3.

The case of SSL2 packet is more difficult, since SSL2 packets do not include any protocol-specific identifiers. ElSecureServer uses the following code to detect if the first received packet is a valid SSL2 packet (Delphi code):

So, we recommend you to use the following approach to check if the first incoming packet is an SSL handshake packet:
1. Get the first 3 bytes from the incoming stream,
2. Compare them with TLS1 and SSL3 identifiers,
3. If (2) failed (i.e., the incoming data is neither SSL3 nor TLS1 packet), perform the SSL2 comparison using the first two bytes.

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. You can find out more about and set your own preferences here.